internal: fix certificate fallback without SNI (cherry-pick #21417 to version-2026.2) (#21419)

internal: fix certificate fallback without SNI (#21417)

21412: fix fallback to the RSA certificate instead of the other TLS certificates configured for a brand/domain

Honor configured certificates other than RSA

Co-authored-by: Bapuji Koraganti <34816445+bkoragan@users.noreply.github.com>
authentik-automation[bot]
2026-04-07 02:08:50 +02:00
committed by GitHub
parent cefbf5e6ae
commit ddfef91ea5
+1 -5
@@ -19,11 +19,7 @@ func (ws *WebServer) GetCertificate() func(ch *tls.ClientHelloInfo) (*tls.Config
}
return func(ch *tls.ClientHelloInfo) (*tls.Config, error) {
cfg := utils.GetTLSConfig()
if ch.ServerName == "" {
cfg.Certificates = []tls.Certificate{fallback}
return cfg, nil
}
if ws.ProxyServer != nil {
if ch.ServerName != "" && ws.ProxyServer != nil {
appCert := ws.ProxyServer.GetCertificate(ch.ServerName)
if appCert != nil {
cfg.Certificates = []tls.Certificate{*appCert}
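Review bot: With the early return gone, nothing in this hunk assigns `fallback` when `ch.ServerName` is empty, so the no-SNI handshake now depends entirely on the certificate lookup that follows the `appCert` branch, which starts and ends outside the hunk. That later code presumably resolves the brand/domain certificate and should still finish with `cfg.Certificates = []tls.Certificate{fallback}` when nothing matches, otherwise a client without SNI gets no certificate at all. A test that calls the returned function with `&tls.ClientHelloInfo{}` and asserts which certificate is selected would pin both the fix and that last-resort path. The new condition also deserves a comment such as `// no SNI: skip per-application proxy certificates and fall through to the brand lookup`. Clients that omit SNI are often scanners connecting by IP address, and they would now presumably receive a brand certificate and the hostnames in it, so confirm that disclosure is intended.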